300-475 CLDACI Designing the Cisco Cloud

Exam Number 300-475 CLDACI
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Recommended Training
The following course is the recommended training for this exam:
Building the Cisco Cloud with Application Centric Infrastructure (CLDACI)

Exam Description
This exam tests a candidate’s knowledge and skills in ACI Architecture, Fabric and Physical Topology; ACI Design and Configuration; APIC Automation Using Northbound API; ACI Integration; and ACI Day 2 Operations.

The Building the Cisco Cloud with Application Centric Infrastructure (CLDACI) exam (300-475) is a 90-minute, 55–65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and skills in ACI architecture, fabric and physical topology; ACI design and configuration; APIC automation using northbound API; ACI integration; and ACI day two operations. Candidates can prepare for this assessment by taking the Building the Cisco Cloud with Application Centric Infrastructure (CLDACI v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 ACI Architectural Overview 10%
1.1 Describe concepts of decoupling of identity from location and why ACI is relevant
1.1.a Application policy
1.1.b Application mobility
1.1.c Application use cases for ACI

1.2 Describe basic fabric design concepts
1.2.a Theory of design leaf spine
1.2.b Fabric controller

1.3 Describe connectivity for the following
1.3.a Bare metal servers
1.3.b Appliances
1.3.c Networks
1.3.d Interoperability

1.4 Describe fabric use of VXLAN
1.5 Describe the operational model change in data center / orchestration / northbound API

2.0 ACI Fabric Fundamentals 15%
2.1 Describe ACI VXLAN overlay functionality
2.2 Describe service graphing
2.3 Describe endpoints and endpoint groups
2.4 Describe application workload mobility
2.5 Describe ACI multitenancy model
2.6 Describe Layer 4 to Layer 7 services
2.7 Describe telemetry
2.8 Describe dynamic load balancing
2.9 Describe unicast fast reroute
2.10 Describe multicast fast reroute
2.11 Describe health scores
2.12 Describe anycast gateway
2.13 Describe the object-oriented NX-OS

3.0 ACI Physical Topology 12%
3.1 Explain 40 Gb and 100 Gb technologies
3.2 Describe spine
3.3 Describe leaf
3.4 Describe fat tree
3.5 Describe federation of policies
3.6 Describe architecture spine, leaf
3.7 Describe FEX placement
3.8 Describe vPC and ACI
3.9 Describe hypervisor networking
3.10 Describe pods
3.11 Describe controller network

4.0 ACI Design and Configuration 20%
4.1 Describe migration
4.2 Explain ACI scale
4.2.a Per fabric
4.2.b Per leaf
4.3 Designing Topologies
4.4 Describe ACI external and management tenants / EPGs
4.4.a Layer 2
4.4.b Layer 3
4.4.b (i) Private – Layer 3
4.5 Configure application profile
4.6 Configure contracts
4.7 Configure EPGs
4.8 Configure tenant

5.0 APIC Automation Using Northbound API 14%
5.1 Describe the role of automation and APIs
5.2 Compare and contrast the DevOps approach and the ITIL approach
5.3 Differentiate the relationship between the following technologies and the ACI operational models
5.3.a Puppet
5.3.b Chef
5.3.c Python (Cobra, SDK)
5.3.d JSON
5.3.e XML
5.3.f RESTful API

6.0 ACI Integration 14%
6.1 Integrating L4-7 Services with ACI
6.1.a Describe the Layer 4-7 ACI concepts
6.1.a (i) Firewalls
6.1.a (ii) Load balancers
6.1.a (iii) IDS
6.1.b Integrating existing Cisco and OEM devices
6.1.c Describe the automation capabilities
6.1.d Implement ACI with fully integrated devices

6.2 Hypervisor integration
6.2.a Describe how the hypervisor endpoint discovery is accomplished
6.2.b Describe how the hypervisor endpoint policy is applied
6.2.c Compare and contrast the ACI features of the Cisco AVS to other virtual switches

6.3 Integration with Cisco OpenStack
6.3.a Describe the role of the Cisco OpenStack controller
6.3.b Describe the Interaction with the ACI fabric: the ACI neutron plugin
6.3.c Describe the OpFlex concept and advantages into an easy integration to the ACI fabric

7.0 ACI Day 2 Operations 5%
7.1 APIC management
7.1.a Explain controller overview
7.1.b Explain controller clustering
7.1.c Describe cluster communication
7.1.d Explain scalability

7.2 Monitoring and Troubleshooting

7.2.a Troubleshooting the ACI fabric


QUESTION 1
How does the Cisco ACI fabric decouple host identity from its location in the fabric?

A. VTEP addresses
B. contract
C. end point groups
D. L2VPN EVPN address family

Answer: C



QUESTION 2
Which best describes the Cisco ACI fabric configuration?

A. manual discovery, manual provisioning, 10- and 40-Gb/s links, Clos design
B. autodiscovery, manual provisioning, 10- and 40-Gb/s links, Clos design
C. autodiscovery, zero-touch provisioning, 40-Gb/s links, Clos design
D. manual discovery, zero-touch provisioning, 40-Gb/s links, Clos design

Answer: C



QUESTION 3
What is the requirement to establish connectivity in the Cisco ACI fabric between two EPGs in
separate tenants?

A. scope tenant contract
B. scope private contract
C. scope intertenant contract
D. scope global contract

Answer: D



QUESTION 4
Which network protocol is used for Cisco ACI fabric data plane forwarding?

A. VXLAN
B. ISIS
C. MP-BGP
D. FabricPath

Answer: A



QUESTION 5
Which two encoding languages are used by the Cisco APIC API? (Choose two.)

A. JSON
B. JAVA
C. BSON
D. XML
E. YAML

Answer: A,D


300-470 CLDAUT Designing the Cisco Cloud

Exam Number 300-470 CLDAUT
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Exam Description
The Automating the Cisco Enterprise Cloud (CLDAUT) exam (300-470) is a 90-minute, 55–65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to provision private IaaS, provision private IaaS with catalog scaling, provision private IaaS with network automation, provision hybrid IaaS, and perform application provisioning and life-cycle management. Candidates can prepare for this assessment by taking the Automating the Cisco Enterprise Cloud (CLDAUT v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Provision Private IaaS Infrastructure 27%

1.1 Create cloud tenant

1.1.a Provision infrastructure devices
1.1.a.1 Provision network
1.1.a.2 Provision compute
1.1.a.3 Provision storage

1.2 Develop policies

1.2.a Network
1.2.b Storage
1.2.c Compute
1.2.d Cost model
1.2.e Service catalog

1.3 Manage virtual data centers

1.3.a Create virtual data center
1.3.b Manage application categories in a VDC

1.4 Manage workflows

1.4.a Create input/output parameters
1.4.b Add tasks to workflow designer
1.4.c Create custom workflow tasks
1.4.d Describe the open automation tool kit (SDK)

1.5 Manage catalogs

1.5.a Publish standard and advanced catalogs
1.5.b Cloning a catalog
1.5.c Create user VM action policy
1.5.d Cost (monetary) tracking

1.6 Configure self-service provisioning in Cisco UCS Director

1.6.a Customize portals
1.6.b Create service request workflow
1.6.c Monitor service requests

2.0 Provision Private IaaS Catalog 17%

2.1 Publish Cisco UCS Director services in PSC 11.0

2.1.a Discover Cisco UCS Director catalogs and templates
2.1.b Publish services with RBAC for end-user ordering

2.2 Order PSC IaaS services as end users

2.2.a Login as an end user
2.2.b Order a VM based on standard or advanced
2.2.c Catalogs
2.2.d Order a service container

2.3 Publish application stack services

2.3.a Design application stack services
2.3.b Publish application stack services with RBAC for end-user ordering
2.3.c Order application stack as an end user

3.0 Provision Private IaaS with Network Automation 18%

3.1 Define policies for container

3.1.a Computing policies
3.1.b Network policy
3.1.c Storage policies
3.1.d System policies

3.2 Defining global resource pools

3.2.a Configure VLAN/VXLAN pools
3.2.b Configure IP subnet pools
3.2.c Configure static IP pools

3.3 Creating a Cisco VACS three-tier internal template

3.3.a Specifying a template type
3.3.b Selecting the deployment options
3.3.c Configuring network resource pools
3.3.d Configuring VM networks
3.3.e Adding virtual machines to a template

3.4 Creating a Cisco VACS three-tier external template

3.4.a Define ACL for three-tier external template
3.4.b Configure security zones

3.5 Publish discovered VACS services in PSC 11.0

3.5.a Discover the VACS containers
3.5.b Register the VACS application container templates

4.0 Provision Hybrid IaaS 18%

4.1 Configure intercloud fabric connectivity

4.1.a Set up provider cloud account
4.1.b Set up infrastructure image
4.1.c Set up secure extension
4.1.d Add port profile
4.1.e Create IP pools for VMs
4.1.f Create user groups and users
4.1.g Configure vDCs
4.1.h Configure network and system policies

4.2 Create VM templates to deploy new workloads in the hybrid cloud

4.2.a Configure a virtual machine template
4.2.b Configure network policies
4.2.c Configure system policies
4.2.d Configure storage policies
4.2.e Configure VMware policies (network, system, computing, and storage)
4.2.f Create a catalog for templates

4.3 Create VM templates to migrate workloads between public cloud and private clouds

4.3.a Configure a virtual machine template
4.3.b Configure network policies
4.3.c Configure system policies
4.3.d Configure storage policies
4.3.e Configure VMware policies (network, system, computing, and storage)
4.3.f Create a catalog for templates

4.4 Deploy security appliances in the hybrid cloud

4.4.a Run infrastructure wizard through ICF to bring up ICS services controller and cloud components (such as: PNSC)
4.4.b Add the compute firewall
4.4.c Define compute security profile
4.4.d Define object groups, zones, rules, and policies
4.4.e Create service path
4.4.f Bind the service path to port profile

4.5 Configure routing policies to enable secure communication between hybrid cloud VMs

4.5.a Add edge routers
4.5.b Add system policies
4.5.c Add network policies
4.5.d Add routing policies
4.5.e Assign VMs

4.6 Configure end-user workflows to manage virtual machines in hybrid cloud environment

4.6.a Bursting
4.6.b Sandbox for development
4.6.c Disaster recovery
4.6.d Production deployment on public environment

5.0 Application Provisioning and Life-Cycle Management 20%

5.1 Order a virtual server on PSC 11.0

5.1.a Order a VM based on standard or advanced catalogs
5.1.b Order a service container

5.2 Order a physical server on PSC 11.0

5.2.a Order a bare-metal physical server
5.2.b Order a virtualized physical server

5.3 Order a multitier application container on PSC 11.0

5.3.a Order a three-tier application container

5.4 Managing application containers

5.4.a Access the application container reports
5.4.b Power on the application container
5.4.c Power off the application container
5.4.d Add VMs to application container
5.4.e Delete VMs from application container
5.4.f Delete an application container

5.5 Managing life cycles

5.5.a VM
5.5.b Compute
5.5.c Storage
5.5.d Network

5.6 Snapshots

5.6.a Types
5.6.b Requirements
5.6.c Limitations


QUESTION 1
Cisco Intelligent Automation Cloud is a solution that enables organizations to automate delivery of
physical and virtual servers through the use of a self-service portal. Which two key Cisco products
are used for the automation framework of this solution? (Choose two.)

A. Cisco Process Orchestrator
B. Cisco Prime Service Catalog
C. Cisco Cloud Orchestrator
D. Cisco Server Orchestrator
E. Cisco Process Portal

Answer: A,B



QUESTION 2
Which three statements are true regarding Cisco VACS and its benefit for cloud deployment?
(Choose three.)

A. Cisco VACS offers easy-to-use templates for rapid provisioning.
B. Cisco VACS lacks security although it offers intuitive user interface through Cisco UCS
Director.
C. Cisco VACS is a robust container for three-tier or custom application deployment.
D. CSR benefits up to 10-G/ps throughput with the advent of Cisco VACS support.
E. CSR benefits up to 40-G/ps throughput with the advent of Cisco VACS support.
F. Cisco VACS offers a custom application deployment for the Cisco Prime Service Catalog.

Answer: A,C,D



QUESTION 3
The Cisco UCS Director includes a set of wizards that guide through configuring features. Which
three wizards are available in the Cisco UCS Director? (Choose three.)

A. FlexPod Configuration
B. VDC Creation
C. Catalog Configuration
D. Device Discovery
E. Zoning Creation
F. Storage Discovery

Answer: A,B,D



QUESTION 4
A cost model in UCS Director is used to define the unit level costs of which two virtual resources?
(Choose two.)

A. socket
B. CPU
C. RAM
D. NIC
E. vNIC
F. datastore size

Answer: B,C



QUESTION 5
Which two statements are true regarding role-based access control in Prime Service Catalog?
(Choose two.)

A. IT admin uses the Cisco Prime Service Catalog as the primary interface to manage tenant life
cycle and services.
B. Tenant admin in the private cloud is associated with tenant billing and cost model.
C. Development of stack designer for application deployment is not within the framework of RBAC.
D. IT admin manages infrastructure in the cloud and uses the Cisco Prime Service Catalog,
Horizon, and Openstack templates as the primary interface.

Answer: A,D


300-465 CLDDES Designing the Cisco Cloud

Exam Number 300-465 CLDDES
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Exam Description
The 300-465 (CLDDES) Designing the Cisco Cloud is a 90-minute, 55-65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to: translate requirements into cloud/automation process designs; design Private Cloud infrastructures; design Public Cloud infrastructures; design Cloud Security Policies; and design Virtualization and Virtual Network Services. Candidates can prepare for this assessment by taking the Designing the Cisco Cloud (CLDDES v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Translate Requirements into Automation Designs 22%

1.1 Gather business requirements

1.1.a Identify key business requirements for cloud/automation
1.1.b Choose appropriate cloud implementation to meet business requirements

1.2 Describe automation as a foundation of cloud design

1.3 Design appropriate automation tasks to meet requirements

1.3.a Design infrastructure container automation within UCS Director
1.3.b Design catalog
1.3.c Define infrastructure container
1.3.d Design workflow and services

1.4 Design Prime Services Catalog store front for UCS Director

1.5 Design Application and Platform as a Service using Stack Designer

1.6 Select the appropriate solution to automate private or hybrid clouds

1.6.a Cisco Enablement Platform
1.6.b UCS Director
1.6.c Cisco Intelligent Automation for Cloud (CIAC)

2.0 Design a Private Cloud Infrastructure 22%

2.1 Compare and contrast the various private cloud integrated infrastructures

2.1.a Flexpod
2.1.b VBlock
2.1.c Virtual System Specifications (VSPEX)

2.2 Given a set of requirements, determine when to use file or block storage

2.3 Select the methods of accessing storage

2.3.a Determine connectivity types
2.3.b Determine access rights

2.4 Determine the thin/thick provisioning methods for a given environment

2.5 Determine the appropriate methods of interconnecting private clouds

2.6 Determine when to use the appropriate solution to automate network services

3.0 Design a Hybrid Cloud Infrastructure 16%

3.1 Compare and contrast the various public cloud architectures

3.2 Select the methodology to connect to public clouds

3.3 Select the appropriate solution to automate hybrid cloud provisioning

4.0 Design a Cloud Security Policy 20%

4.1 Describe best practices for securing cloud infrastructure

4.2 Describe best practices for securing cloud services

4.3 Design a secure multi tenant environment

4.4 Design a security policy to protect a private cloud

4.5 Design a security policy to protect a hybrid cloud

5.0 Virtualization and Virtual Network Services for Private and Hybrid Clouds 20%

5.1 Describe the advantages, disadvantages and features of different hypervisors

5.1.a Resource scheduling
5.1.b DR
5.1.c HA

5.2 Describe the use of cloud automation tools to facilitate physical to virtual or virtual to virtual migrations

5.2.a Workflows
5.2.a.1 Cisco Enablement Platform
5.2.a.2 UCS Director
5.2.a.3 Virtual Application Container Services (VACS)
5.2.b Compare benefits and limitations of Virtual Machines

5.3 Select the appropriate virtual network and security services to meet requirements

5.4 Describe context aware infrastructure and workflow identity

5.4.a Methodologies
5.4.b Components
5.4.c Use cases

5.5 Describe workload mobility

5.5.a Describe VM migration: move VMs from any hypervisor to any public cloud and back
5.5.b Describe VM conversion
5.5.c Describe use cases

5.6 Describe the ability to automate VM life cycle

5.6.a Describe workflow creation using Intercloud Fabric Director and Prime Services Catalog


300-460 CLDINF Implementing and Troubleshooting the Cisco Cloud Infrastructure

Exam Number 300-460 CLDINF
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English

Exam Description
The 300-460 (CLDINF) Implementing and Troubleshooting the Cisco Cloud Infrastructure is a 90-minute, 55-65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to: set up Cloud infrastructure including physical and virtual Data Centers; implement Storage infrastructure and connectivity; implement Network infrastructure and connectivity; implement Compute; troubleshoot Cloud workflows or applications; and identify infrastructure operational domains. Candidates can prepare for this assessment by taking the Implementing and Troubleshooting the Cisco Cloud Infrastructure (CLDINF v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Knowledge of Cloud Infrastructure 16%

1.1 Demonstrate practical experience of both physical and virtual Data Centers

1.1.a Validate physical connection to LAN, SAN
1.1.b Management connection
1.1.c Server ports to chassis
1.1.d Virtual fiber channel
1.1.e Domain Virtual Machine Manager (VMM)
1.1.f Configuring UCS service profiles, vNICs & templates

1.2 Set up hypervisor

2.0 Storage 21%

2.1 Implement storage infrastructure

2.1.a Block Storage
2.1.a.1 Zoning
2.1.a.2 Describe initiator and target relationship
2.1.a.3 Boot targets
2.1.a.4 Setup LUN/Volume on storage controller
2.1.b File Storage
2.1.b.1 Mount point vs. shares

2.2 Implement storage connectivity

2.2.a Configure vHBA
2.2.b Configure WWPN pool
2.2.c Configure WWN Pool
2.2.d Configure iSCSI pool
2.2.e Configure VSAN group
2.2.f Configure boot order/ boot policy
2.2.g Configure local storage / disk policy (RAID)
2.2.h Describe protected config

3.0 Network Tasks 22%

3.1 Implement network infrastructure

3.1.a Nexus 1000v / Distributed Virtual Switch (DVS)
3.1.b Virtual switch

3.2 Implement network connectivity

3.2.a vNICs
3.2.b MAC pool
3.2.c IP Management pool
3.2.d UUID pool
3.2.e Port-profiles / port groups
3.2.f VLAN group, VXLAN

4.0 Compute 23%

4.1 Implement Compute

4.1.a Virtual
4.1.a.1 Install Hypervisors
4.1.a.2 Configure templates
4.1.a.3 Configure resource pools
4.1.b Physical
4.1.b.1 Bare Metal
4.1.b.1.1 OS image / template
4.1.b.1.2 PXE boot
4.1.b.1.3 Lights out management
4.1.c UCSM
4.1.c.1 Service profiles
4.1.c.2 Boot policy

5.0 Troubleshooting knowledge of Infrastructure 18%

5.1 Troubleshoot context of workflow or applications

5.1.a Describe troubleshooting methodologies
5.1.b Templates
5.1.c Orchestration
5.1.d Provisioning

5.2 Identify operational domains

5.2.a Storage
5.2.b Networking
5.2.c Virtualization
5.2.d Compute


300-320 ARCH Designing Cisco Network Service Architectures

Exam Number 300-320
Associated Certifications CCDP
Duration 75 minutes (60 – 70 questions)
Available Languages English

Exam Description
The Designing Cisco Network Service Architectures (ARCH) exam (300-320) is a 75-minute assessment with 60 – 70 questions associated with the Cisco Certified Design Professional certification. This exam tests a candidate’s knowledge of the latest development in network design and technologies, including L2 and L3 infrastructures for the enterprise, WAN technologies, data center integration, network security and network services.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Advanced Addressing and Routing Solutions for Enterprise Networks 22%

1.1 Create structured addressing designs to facilitate summarization

1.1.a Hierarchy
1.1.b Efficiency
1.1.c Scalability
1.1.d NAT

1.2 Create stable, secure, and scalable routing designs for IS-IS

1.3 Create stable, secure, and scalable routing designs for EIGRP

1.4 Create stable, secure, and scalable routing designs for OSPF

1.5 Create stable, secure, and scalable routing designs for BGP

1.5.a Transit prevention
1.5.b Basic route filtering
1.5.c Authentication
1.5.d Communities
1.5.e Basic traffic engineering (load distribution, creating path symmetry)
1.5.f Route reflectors

1.6 Determine IPv6 migration strategies

1.6.a Overlay (tunneling)
1.6.b Native (dual-stacking)
1.6.c Boundaries (IPv4/IPv6 translations)

2.0 Advanced Enterprise Campus Networks 20%

2.1 Design for high availability

2.1.a First Hop Redundancy Protocols
2.1.b Device virtualization

2.2 Design campus Layer 2 infrastructures

2.2.a STP scalability
2.2.b Fast convergence
2.2.c Loop-free technologies

2.3 Design multicampus Layer 3 infrastructures

2.3.a Convergence
2.3.b Load sharing
2.3.c Route summarization
2.3.d Route filtering
2.3.e VRFs
2.3.f Optimal topologies

2.4 Design a network to support network programmability

2.4.a Describe Application Centric Infrastructures (ACI)
2.4.b Select appropriate controller to meet requirements
2.4.c Identify and address key security issues with network programmability

3.0 WANs for Enterprise Networks 17%

3.1 Compare and contrast WAN connectivity options

3.1.a Dynamic Multipoint VPN (DMVPN)
3.1.b Layer 2 VPN
3.1.c MPLS Layer 3 VPN
3.1.d IPsec
3.1.e Generic Routing Encapsulation (GRE)
3.1.f Private lines

3.2 Design site-to-site VPNs

3.2.a DMVPN
3.2.b Layer 2 VPN
3.2.c MPLS Layer 3 VPN
3.2.d IPSec
3.2.e Group Encrypted Transport VPN (GETVPN)

3.3 Design for a resilient WAN strategy

3.3.a Single-homed
3.3.b Multi-homed
3.3.c Backup connectivity
3.3.d Failover

3.4 Design Extranet connectivity

3.4.a VPN
3.4.b Private lines
3.4.c Multitenant segmentation

3.5 Design Internet edge connectivity

3.5.a DMZ
3.5.b NAT
3.5.c Proxy functionality
3.5.d Resiliency
3.5.e Basic traffic engineering techniques (outbound/inbound load distribution, active/failover, symmetric outbound traffic flows)

4.0 Enterprise Data Center Integration 17%

4.1 Describe a modular and scalable data center network

4.1.a Top-of-rack
4.1.b End-of-row
4.1.c Multitenant environments
4.1.d Multitier topologies

4.2 Describe network virtualization technologies for the data center

4.2.a VPC
4.2.b VSS
4.2.c VDCs
4.2.d VRFs
4.2.e Multichassis EtherChannel
4.2.f VXLAN
4.2.g TRILL / Fabric Path

4.3 Describe high availability in a data center network

4.3.a VPC
4.3.b VSS
4.3.c Multichassis EtherChannel

4.4 Design data center interconnectivity

4.4.a OTV
4.4.b Private Line
4.4.c L2 vs. L3
4.4.d VPLS
4.4.e A-VPLS

4.5 Design data center and network integration

4.5.a Traffic flow
4.5.b Bandwidth
4.5.c Security
4.5.d Resiliency

5.0 Security Services 13%

5.1 Design firewall and IPS solutions

5.1.a Modes of operation
5.1.b Clustering
5.1.c High availability techniques
5.1.d IPS functionality and placement
5.1.e Multiple contexts

5.2 Design network access control solutions

5.2.a 802.1x
5.2.b TrustSec
5.2.c EAP
5.2.d Authentication services
5.2.e RBAC
5.2.f Basic denial of service mitigation techniques

5.3 Design infrastructure protection

5.3.a Infrastructure ACLs
5.3.b CoPP
5.3.c Layer 2 / Layer 3 security considerations

6.0 Network Services 11%

6.1 Select appropriate QoS strategies to meet customer requirements

6.1.a DiffServ
6.1.b IntServ

6.2 Design end-to-end QoS policies

6.2.a Classification and marking
6.2.b Shaping
6.2.c Policing
6.2.d Queuing

6.3 Describe network management techniques

6.3.a In-band vs. out-of-band
6.3.b Segmented management networks
6.3.c Prioritizing network management traffic

6.4 Describe multicast routing concepts

6.4.a Source trees, shared trees
6.4.b RPF
6.4.c Rendezvous points

6.5 Design multicast services

6.5.a SSM
6.5.b PIM bidirectional
6.5.c MSDP


QUESTION 1
Which option maximizes EIGRP scalability?

A. route redistribution
B. route redundancy
C. route filtering
D. route summarization

Answer: D


QUESTION 2
To which network layer should Cisco Express Forwarding be tuned to support load balancing and to make more informed forwarding decisions?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6
G. Layer 7

Answer: D


QUESTION 3
Which option is the Cisco preferred, most versatile, and highest-performance way to deploy IPv6 in existing IPv4 environments?

A. dual stack
B. hybrid
C. service block
D. dual service

Answer: A


QUESTION 4
An engineer is designing an address plan. Which IPv6 prefix removes any consideration regarding the number of hosts per subnet?

A. /32
B. /48
C. /64
D. /96

Answer: C


QUESTION 5
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Answer: B


QUESTION 6
What is the latest Cisco high-availability solution?

A. VRRP
B. HSRP
C. VSS
D. GLBP

Answer: C


300-209 SIMOS Implementing Cisco Secure Mobility Solutions

Exam Number 300-209 SIMOS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Secure Communications 32%

1.1 Site-to-site VPNs on routers and firewalls
1.1.a Describe GETVPN
1.1.b Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
1.1.c Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
1.1.d Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA

1.2 Implement remote access VPNs
1.2.a Implement AnyConnect IKEv2 VPNs on ASA and routers
1.2.b Implement AnyConnect SSLVPN on ASA and routers
1.2.c Implement clientless SSLVPN on ASA and routers
1.2.d Implement FLEX VPN on routers

2.0 Troubleshooting, Monitoring and Reporting Tools 38%

2.1 Troubleshoot VPN using ASDM & CLI
2.1.a Troubleshoot IPsec
2.1.b Troubleshoot DMVPN
2.1.c Troubleshoot FlexVPN
2.1.d Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
2.1.e Troubleshoot clientless SSLVPN on ASA and routers

3.0 Secure Communications Architectures 30%

3.1 Design site-to-site VPN solutions
3.1.a Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
3.1.b VPN technology considerations based on functional requirements
3.1.c High availability considerations
3.1.d Identify VPN technology based on configuration output

3.2 Design remote access VPN solutions
3.2.a Identify functional components of FlexVPN, IPsec, and Clientless SSL
3.2.b VPN technology considerations based on functional requirements
3.2.c High availability considerations
3.2.d Identify VPN technology based on configuration output
3.2.e Identify AnyConnect client requirements
3.2.f Clientless SSL browser and client considerations/requirements
3.2.g Identify split tunneling requirements

3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)
3.3.a Compare and contrast Symmetric and asymmetric key algorithms
3.3.b Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods
3.3.c Describe PKI components and protection methods
3.3.d Describe Elliptic Curve Cryptography (ECC)
3.3.e Compare and contrast SSL, DTLS, and TLS


QUESTION 2
Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

A. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
B. IKEv2 sessions are not licensed.
C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
D. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Answer: B


QUESTION 3
Which is used by GETVPN, FlexVPN and DMVPN?

A. NHRP
B. MPLS
C. GRE
D. ESP

Answer: D


QUESTION 4
Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?

A. stronger encryption methods
B. Network Address Translation of encrypted traffic
C. traffic management based on original source and destination addresses
D. Tunnel Endpoint Discovery

Answer: C


QUESTION 5
Which three commands are included in the command show dmvpn detail? (Choose three.)

A. show ip nhrp nhs
B. show dmvpn
C. show crypto session detail
D. show crypto ipsec sa detail
E. show crypto sockets
F. show ip nhrp

Answer: A,B,C


QUESTION 6
Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

A. SHA-512
B. SHA-256
C. SHA-192
D. SHA-380
E. SHA-192
F. SHA-196

Answer: A,B


QUESTION 7
Which statement about the hub in a DMVPN configuration with iBGP is true?

A. It must be a route reflector client.
B. It must redistribute EIGRP from the spokes.
C. It must be in a different AS.
D. It must be a route reflector.

Answer: D


300-208 SISAS Implementing Cisco Secure Access Solutions

Exam Number 300-208 SISAS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam tests whether a network security engineer knows the components and architecture of secure access, by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 65–75 questions and assesses knowledge of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution. It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Identity Management/Secure Access 33%
1.1 Implement device administration

1.1.a Compare and select AAA options
1.1.b TACACS+
1.1.c RADIUS
1.1.d Describe Native AD and LDAP

1.2 Describe identity management
1.2.a Describe features and functionality of authentication and authorization
1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
1.2.c Implement accounting

1.3 Implement wired/wireless 802.1X
1.3.a Describe RADIUS flows
1.3.b AV pairs
1.3.c EAP types
1.3.d Describe supplicant, authenticator, and server
1.3.e Supplicant options
1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
1.3.g AAA server
1.3.h Network access devices

1.4 Implement MAB
1.4.a Describe the MAB process within an 802.1X framework
1.4.b Flexible authentication configuration
1.4.c ISE authentication/authorization policies
1.4.d ISE endpoint identity configuration
1.4.e Verify MAB Operation

1.5 Implement network authorization enforcement
1.5.a dACL
1.5.b Dynamic VLAN assignment
1.5.c Describe SGA
1.5.d Named ACL
1.5.e CoA

1.6 Implement Central Web Authentication (CWA)
1.6.a Describe the function of CoA to support web authentication
1.6.b Configure authentication policy to facilitate CWA
1.6.c URL redirect policy
1.6.d Redirect ACL
1.6.e Customize web portal
1.6.f Verify central web authentication operation

1.7 Implement profiling
1.7.a Enable the profiling services
1.7.b Network probes
1.7.c IOS Device Sensor
1.7.d Feed service
1.7.e Profiling policy rules
1.7.f Utilize profile assignment in authorization policies
1.7.g Verify profiling operation

1.8 Implement guest services
1.8.a Managing sponsor accounts
1.8.b Sponsor portals
1.8.c Guest portals
1.8.d Guest Policies
1.8.e Self registration
1.8.f Guest activation
1.8.g Differentiated secure access
1.8.h Verify guest services operation

1.9 Implement posture services
1.9.a Describe the function of CoA to support posture services
1.9.b Agent options
1.9.c Client provisioning policy and redirect ACL
1.9.d Posture policy
1.9.e Quarantine/remediation
1.9.f Verify posture service operation

1.10 Implement BYOD access
1.10.a Describe elements of a BYOD policy
1.10.b Device registration
1.10.c My devices portal
1.10.d Describe supplicant provisioning

2.0 Threat Defense 10%
2.1 Describe TrustSec Architecture
2.1.a SGT Classification – dynamic/static
2.1.b SGT Transport – inline tagging and SXP
2.1.c SGT Enforcement – SGACL and SGFW
2.1.d MACsec

3.0 Troubleshooting, Monitoring and Reporting Tools 7%

3.1 Troubleshoot identity management solutions

3.1.a Identify issues using authentication event details in Cisco ISE
3.1.b Troubleshoot using Cisco ISE diagnostic tools
3.1.c Troubleshoot endpoint issues
3.1.d Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
3.1.e Troubleshoot backup operations

4.0 Threat Defense Architectures 17%

4.1 Design highly secure wireless solution with ISE

4.1.a Identity Management
4.1.b 802.1X
4.1.c MAB
4.1.d Network authorization enforcement
4.1.e CWA
4.1.f Profiling
4.1.g Guest Services
4.1.h Posture Services
4.1.i BYOD Access

5.0 Identity Management Architectures 33%

5.1 Device administration
5.2 Identity Management
5.3 Profiling
5.4 Guest Services
5.5 Posturing Services
5.6 BYOD Access

 

QUESTION 1
With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)

A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE

Answer: A,E


QUESTION 2
Which two fields are characteristics of an IEEE 802.1AE frame? (Choose two.)

A. destination MAC address
B. source MAC address
C. 802.1AE header in EtherType
D. security group tag in EtherType
E. integrity check value
F. CRC/FCS

Answer: C,E


QUESTION 3
Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
E. It allows the WLC to failover because of congestion.

Answer: B,C,D


QUESTION 4
In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.
B. It identifies the user who is trying to access a device.
C. It identifies the actions that a user has previously taken.
D. It identifies what the user can access.

Answer: B


QUESTION 5
Which two EAP types require server side certificates? (Choose two.)

A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2

Answer: A,B


300-207 SITCS Implementing Cisco Threat Control Solutions

Exam Number 300-207 SITCS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. This 90-minute exam consists of 65–75 questions and covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Content Security 22%

1.1 Cisco ASA 5500-X NGFW Security Services

1.1.a Describe features and functionality
1.1.b Implement web usage control (URL-filtering, reputation based, file filtering)
1.1.c Implement AVC
1.1.d Implement decryption policies
1.1.e Describe traffic redirection and capture methods

1.2 Cisco Cloud Web Security

1.2.a Describe features and functionality
1.2.b Implement IOS and ASA connectors
1.2.c Implement AnyConnect web security module
1.2.d Describe web usage control
1.2.e Implement AVC
1.2.f Implement anti-malware
1.2.g Describe decryption policies

1.3 Cisco WSA

1.3.a Describe features and functionality
1.3.b Implement data security
1.3.c Implement WSA Identity and Authentication, including Transparent User Identification
1.3.d Describe web usage control
1.3.e Implement AVC
1.3.f Implement anti-malware
1.3.g Describe decryption policies
1.3.h Describe traffic redirection and capture methods (Explicit Proxy vs. Transparent Proxy)

1.4 Cisco ESA

1.4.a Describe features and functionality
1.4.b Implement email encryption
1.4.c Implement anti-spam policies
1.4.d Implement virus outbreak filter
1.4.e Implement DLP policies
1.4.f Implement anti-malware
1.4.g Implement inbound and outbound mail policies and authentication
1.4.h Describe traffic redirection and capture methods

2.0 Threat Defense 23%

2.1 Network IPS

2.1.a Implement traffic redirection and capture methods
2.1.b Implement network IPS deployment modes
2.1.c Describe signatures engines
2.1.d Implement event actions & overrides/filters
2.1.e Implement anomaly detection
2.1.f Implement risk ratings
2.1.g Describe IOS IPS

2.2 Configure device hardening per best practices

2.2.a IPS
2.2.b Content Security appliances

3.0 Devices GUIs and Secured CLI 16%

3.1 Content Security

3.1.a Implement HTTPS and SSH access
3.1.b Describe configuration elements
3.1.c Implement ESA GUI for message tracking

4.0 Troubleshooting, Monitoring and Reporting Tools 19%

4.1 Configure IME and IP logging for IPS

4.2 Content Security

4.2.a Describe reporting functionality
4.2.b Implement the WSA Policy Trace tool
4.2.c Implement the ESA Message Tracking tool
4.2.d Implement the ESA Trace tool
4.2.e Use web interface to verify traffic is being redirected to CWS
4.2.f Use CLI on IOS to verify CWS operations
4.2.g Use CLI on ASA to verify CWS operations
4.2.h Use the PRSM Event Viewer to verify ASA NGFW operations
4.2.i Describe the PRSM Dashboards and Reports

4.3 Monitor Cisco Security IntelliShield

4.3.a Describe at a high level the features of the Cisco Security IntelliShield Alert Manager Service

5.0 Threat Defense Architectures 8%

5.1 Design IPS solution

5.1.a Deploy Inline or Promiscuous
5.1.b Deploy as IPS appliance, IPS software or hardware module or IOS IPS
5.1.c Describe methods of IPS appliance load-balancing
5.1.d Describe the need for Traffic Symmetry
5.1.e Inline modes comparison – inline interface pair, inline VLAN pair, and inline VLAN group
5.1.f Management options

6.0 Content Security Architectures 12%

6.1 Design Web Security solution

6.1.a Compare ASA NGFW vs. WSA vs. CWS
6.1.b Compare Physical WSA vs. Virtual WSA
6.1.c List available CWS connectors

6.2 Design Email Security solution

6.2.a Compare Physical ESA vs. Virtual ESA
6.2.b Describe Hybrid mode

6.3 Design Application Security solution

6.3.a Describe the need for application visibility and control


QUESTION 1
During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A. cxsc fail
B. cxsc fail-close
C. cxsc fail-open
D. cxssp fail-close

Answer: B


QUESTION 2
A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)

A. Self Signed Server Certificate
B. Self Signed Root Certificate
C. Microsoft CA Server Certificate
D. Microsoft CA Subordinate Root Certificate
E. LDAP CA Server Certificate
F. LDAP CA Root Certificate
G. Public Certificate Authority Server Certificate
H. Public Certificate Authority Root Certificate

Answer: B,D,F


QUESTION 3
Cisco’s ASA CX includes which two URL categories? (Choose two.)

A. Proxy Avoidance
B. Dropbox
C. Hate Speech
D. Facebook
E. Social Networking
F. Instant Messaging and Video Messaging

Answer: C,E


QUESTION 4
A Cisco Web Security Appliance’s policy can provide visibility and control of which two elements? (Choose two.)

A. Voice and Video Applications
B. Websites with a reputation between -100 and -60
C. Secure websites with certificates signed under an unknown CA
D. High bandwidth websites during business hours

Answer: C,D


QUESTION 5
Which Cisco Web Security Appliance design requires minimal change to endpoint devices?

A. Transparent Mode
B. Explicit Forward Mode
C. Promiscuous Mode
D. Inline Mode

Answer: A


300-206 SENSS Implementing Cisco Edge Network Security Solutions

Exam Number 300-206 SENSS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Threat Defense 25%
1.1 Implement firewall (ASA or IOS depending on which supports the implementation)

1.1.a Implement ACLs
1.1.b Implement static/dynamic NAT/PAT
1.1.c Implement object groups
1.1.d Describe threat detection features
1.1.e Implement botnet traffic filtering
1.1.f Configure application filtering and protocol inspection
1.1.g Describe ASA security contexts

1.2 Implement Layer 2 Security

1.2.a Configure DHCP snooping
1.2.b Describe dynamic ARP inspection
1.2.c Describe storm control
1.2.d Configure port security
1.2.e Describe common Layer 2 threats and attacks and mitigation
1.2.f Describe MACSec
1.2.g Configure IP source verification

1.3 Configure device hardening per best practices

1.3.a Routers
1.3.b Switches
1.3.c Firewalls

2.0 Cisco Security Devices GUIs and Secured CLI Management 25%

2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices

2.2 Implement RBAC on the ASA/IOS using CLI and ASDM

2.3 Describe Cisco Prime Infrastructure

2.3.a Functions and use cases of Cisco Prime
2.3.b Device Management

2.4 Describe Cisco Security Manager (CSM)

2.4.a Functions and use cases of CSM
2.4.b Device Management

2.5 Implement Device Managers

2.5.a Implement ASA firewall features using ASDM

3.0 Management Services on Cisco Devices 12%

3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA

3.2 Implement SNMPv3

3.2.a Create views, groups, users, authentication, and encryption

3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices

3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA

3.5 Describe CDP, DNS, SCP, SFTP, and DHCP

3.5.a Describe security implications of using CDP on routers and switches
3.5.b Need for DNSSEC

4.0 Troubleshooting, Monitoring and Reporting Tools 10%

4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog

4.1.a Analyze packet tracer on the firewall using CLI/ASDM
4.1.b Configure and analyze packet capture using CLI/ASDM
4.1.c Analyze syslog events generated from ASA

5.0 Threat Defense Architectures 16%

5.1 Design a Firewall Solution

5.1.a High-availability
5.1.b Basic concepts of security zoning
5.1.c Transparent & Routed Modes
5.1.d Security Contexts

5.2 Layer 2 Security Solutions

5.2.a Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
5.2.b Describe best practices for implementation
5.2.c Describe how PVLANs can be used to segregate network traffic at Layer 2

6.0 Security Components and Considerations 12%

6.1 Describe security operations management architectures

6.1.a Single device manager vs. multi-device manager

6.2 Describe Data Center security components and considerations

6.2.a Virtualization and Cloud security

6.3 Describe Collaboration security components and considerations

6.3.a Basic ASA UC Inspection features

6.4 Describe common IPv6 security considerations

6.4.a Unified IPv6/IPv4 ACL on the ASA


QUESTION 1
All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?

A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet

Answer: A


QUESTION 2
A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?

A. Remove the ip helper-address
B. Configure a Port-ACL to block outbound TCP port 68
C. Configure DHCP snooping
D. Configure port-security

Answer: C


QUESTION 3
A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?

A. Configure the ‘no-dhcp’ keyword at the end of the ip arp inspection command
B. Enable static arp inspection using the command ‘ip arp inspection static vlan vlan-number’
C. Configure an arp access-list and apply it to the ip arp inspection command
D. Enable port security

Answer: C


QUESTION 4
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option

Answer: A


QUESTION 5
Which command is used to nest objects in a pre-existing group?

A. object-group
B. network group-object
C. object-group network
D. group-object

Answer: D


300-135 TSHOOT

Troubleshooting and Maintaining Cisco IP Networks (TSHOOT)
Exam Number 300-135 TSHOOT
Associated Certifications CCNP Routing and Switching
Duration 120 minutes (15-25 questions)
Available Languages English, Japanese

Troubleshooting and Maintaining Cisco IP Networks (TSHOOT 300-135) is a qualifying exam for the Cisco CCNP Routing and Switching certification. The TSHOOT 300-135 exam certifies that the successful candidate has the knowledge and skills necessary to:

Plan and perform regular maintenance on complex enterprise routed and switched networks
Use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting

Exam Description

Troubleshooting and Maintaining Cisco IP Networks (TSHOOT 300-135) is a 120-minute qualifying exam with 15‒25 questions for the Cisco CCNP Routing and Switching certification. The TSHOOT 300-135 exam certifies that the successful candidate has the knowledge and skills necessary to:

Plan and perform regular maintenance on complex enterprise routed and switched networks
Use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam. To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.

Subscribe to Cisco Learning Network Premium and access the most comprehensive e-learning training, resources and tools you’ll need to prepare for your CCENT, CCNA and CCNP Routing and Switching certifications.

1.0 Network Principles 5%

1.1 Use Cisco IOS troubleshooting tools

1.1.a Debug, conditional debug
1.1.b Ping and trace route with extended options

1.2 Apply troubleshooting methodologies

1.2.a Diagnose the root cause of networking issues (analyze symptoms, identify and describe root cause)
1.2.b Design and implement valid solutions
1.2.c Verify and monitor resolution

2.0 Layer 2 Technologies 40%

2.1 Troubleshoot switch administration

2.1.a SDM templates
2.1.b Managing MAC address table
2.1.c Troubleshoot Err-disable recovery

2.2 Troubleshoot Layer 2 protocols

2.2.a CDP, LLDP
2.2.b UDLD

2.3 Troubleshoot VLANs

2.3.a Access ports
2.3.b VLAN database
2.3.c Normal, extended VLAN, voice VLAN

2.4 Troubleshoot trunking

2.4.a VTPv1, VTPv2, VTPv3, VTP pruning
2.4.b dot1Q
2.4.c Native VLAN
2.4.d Manual pruning

2.5 Troubleshoot EtherChannels

2.5.a LACP, PAgP, manual
2.5.b Layer 2, Layer 3
2.5.c Load balancing
2.5.d EtherChannel misconfiguration guard

2.6 Troubleshoot spanning tree

2.6.a PVST+, RPVST+, MST
2.6.b Switch priority, port priority, path cost, STP timers
2.6.c PortFast, BPDUguard, BPDUfilter
2.6.d Loopguard, Rootguard

2.7 Troubleshoot other LAN switching technologies

2.7.a SPAN, RSPAN

2.8 Troubleshoot chassis virtualization and aggregation technologies

2.8.a Stackwise

3.0 Layer 3 Technologies 40%

3.1 Troubleshoot IPv4 addressing and subnetting

3.1.a Address types (Unicast, broadcast, multicast, and VLSM)
3.1.b ARP
3.1.c DHCP relay and server
3.1.d DHCP protocol operations

3.2 Troubleshoot IPv6 addressing and subnetting

3.2.a Unicast
3.2.b EUI-64
3.2.c ND, RS/RA
3.2.d Autoconfig (SLAAC)
3.2.e DHCP relay and server
3.2.f DHCP protocol operations

3.3 Troubleshoot static routing

3.4 Troubleshoot default routing

3.5 Troubleshoot administrative distance

3.6 Troubleshoot passive interfaces

3.7 Troubleshoot VRF lite

3.8 Troubleshoot filtering with any protocol

3.9 Troubleshoot between any routing protocols or routing sources

3.10 Troubleshoot manual and autosummarization with any routing protocol

3.11 Troubleshoot policy-based routing

3.12 Troubleshoot suboptimal routing

3.13 Troubleshoot loop prevention mechanisms

3.13.a Route tagging, filtering
3.13.b Split-horizon
3.13.c Route poisoning

3.14 Troubleshoot RIPv2

3.15 Troubleshoot EIGRP neighbor relationship and authentication

3.16 Troubleshoot loop free path selection

3.16.a RD, FD, FC, successor, feasible successor

3.17 Troubleshoot EIGRP operations

3.17.a Stuck in active

3.18 Troubleshoot EIGRP stubs

3.19 Troubleshoot EIGRP load balancing

3.19.a Equal cost
3.19.b Unequal cost

3.20 Troubleshoot EIGRP metrics

3.21 Troubleshoot EIGRP for IPv6

3.22 Troubleshoot OSPF neighbor relationship and authentication

3.23 Troubleshoot network types, area types, and router types

3.23.a Point-to-point, multipoint, broadcast, nonbroadcast
3.23.b LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.23.c Internal router, backbone router, ABR, ASBR
3.23.d Virtual link

3.24 Troubleshoot OSPF path preference

3.25 Troubleshoot OSPF operations

3.26 Troubleshoot OSPF for IPv6

3.27 Troubleshoot BGP peer relationships and authentication

3.27.a Peer group
3.27.b Active, passive
3.27.c States and timers

3.28 Troubleshoot eBGP

3.28.a eBGP
3.28.b 4-byte AS number
3.28.c Private AS

4.0 VPN Technologies 5%
4.1 Troubleshoot GRE

5.0 Infrastructure Security 5%

5.1 Troubleshoot IOS AAA using local database

5.2 Troubleshoot device access control

5.2.a Lines (VTY, AUX, console)
5.2.b Management plane protection
5.2.c Password encryption

5.3 Troubleshoot router security features

5.3.a IPv4 access control lists (standard, extended, time-based)
5.3.b IPv6 traffic filter
5.3.c Unicast reverse path forwarding

6.0 Infrastructure Services 5%

6.1 Troubleshoot device management

6.1.a Console and VTY
6.1.b Telnet, HTTP, HTTPS, SSH, SCP
6.1.c (T)FTP

6.2 Troubleshoot SNMP

6.2.a v2
6.2.b v3

6.3 Troubleshoot logging

6.3.a Local logging, syslog, debugs, conditional debugs
6.3.b Timestamps

6.4 Troubleshoot Network Time Protocol (NTP)

6.4.a NTP master, client, version 3, version 4
6.4.b NTP authentication

6.5 Troubleshoot IPv4 and IPv6 DHCP

6.5.a DHCP client, IOS DHCP server, DHCP relay
6.5.b DHCP options (describe)

6.6 Troubleshoot IPv4 Network Address Translation (NAT)

6.6.a Static NAT, Dynamic NAT, PAT

6.7 Troubleshoot SLA architecture

6.8 Troubleshoot tracking objects

6.8.a Tracking objects
6.8.b Tracking different entities (for example, interfaces, IPSLA results)


QUESTION 1
Exhibit:

A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true? (Choose two.)

A. RouterA received a hello packet with mismatched autonomous system numbers.
B. RouterA received a hello packet with mismatched hello timers.
C. RouterA received a hello packet with mismatched authentication parameters.
D. RouterA received a hello packet with mismatched metric-calculation mechanisms.
E. RouterA will form an adjacency with RouterB.
F. RouterA will not form an adjacency with RouterB.

Answer: D,F


QUESTION 2
When troubleshooting an EIGRP connectivity problem, you notice that two connected EIGRP routers are not becoming EIGRP neighbors. A ping between the two routers was successful. What is the next thing that should be checked?

A. Verify that the EIGRP hello and hold timers match exactly.
B. Verify that EIGRP broadcast packets are not being dropped between the two routers with the show ip EIGRP peer command.
C. Verify that EIGRP broadcast packets are not being dropped between the two routers with the show ip EIGRP traffic command.
D. Verify that EIGRP is enabled for the appropriate networks on the local and neighboring router.

Answer: D


QUESTION 3
Refer to the exhibit.

How would you confirm on R1 that load balancing is actually occurring on the default-network (0.0.0.0)?

A. Use ping and the show ip route command to confirm the timers for each default network resets to 0.
B. Load balancing does not occur over default networks; the second route will only be used for failover.
C. Use an extended ping along with repeated show ip route commands to confirm the gateway of last resort address toggles back and forth.
D. Use the traceroute command to an address that is not explicitly in the routing table.

Answer: D


QUESTION 4
Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?

A. 3DES
B. multipoint GRE
C. tunnel
D. transport

Answer: D


QUESTION 5
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs? (Choose three.)

A. allows dynamic routing over the tunnel
B. supports multi-protocol (non-IP) traffic over the tunnel
C. reduces IPsec headers overhead since tunnel mode is used
D. simplifies the ACL used in the crypto map
E. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

Answer: A,B,D


300-115 SWITCH Implementing Cisco IP Switched Networks


Exam Number 300-115 SWITCH
Associated Certifications CCNP Routing and Switching, CCDP
Duration 120 minutes (30-40 questions)
Available Languages English, Japanese

Exam Description
Implementing Cisco IP Switched Networks (SWITCH 300-115) is a 120-minute qualifying exam with 45‒55 questions for the Cisco CCNP Routing and Switching and CCDP certifications. The SWITCH 300-115 exam certifies the switching knowledge and skills of successful candidates. They are certified in planning, configuring, and verifying the implementation of complex enterprise switching solutions that use the Cisco Enterprise Campus Architecture.

The SWITCH exam also covers highly secure integration of VLANs and WLANs.
The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam. To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.

1.0 Layer 2 Technologies 65%

1.1 Configure and verify switch administration

1.1.a SDM templates
1.1.b Managing MAC address table
1.1.c Troubleshoot Err-disable recovery

1.2 Configure and verify Layer 2 protocols

1.2.a CDP, LLDP
1.2.b UDLD

1.3 Configure and verify VLANs

1.3.a Access ports
1.3.b VLAN database
1.3.c Normal, extended VLAN, voice VLAN

1.4 Configure and verify trunking

1.4.a VTPv1, VTPv2, VTPv3, VTP pruning
1.4.b dot1Q
1.4.c Native VLAN
1.4.d Manual pruning

1.5 Configure and verify EtherChannels

1.5.a LACP, PAgP, manual
1.5.b Layer 2, Layer 3
1.5.c Load balancing
1.5.d EtherChannel misconfiguration guard

1.6 Configure and verify spanning tree

1.6.a PVST+, RPVST+, MST
1.6.b Switch priority, port priority, path cost, STP timers
1.6.c PortFast, BPDUguard, BPDUfilter
1.6.d Loopguard and Rootguard

1.7 Configure and verify other LAN switching technologies

1.7.a SPAN, RSPAN

1.8 Describe chassis virtualization and aggregation technologies

1.8.a Stackwise

2.0 Infrastructure Security 20%

2.1 Configure and verify switch security features

2.1.a DHCP snooping
2.1.b IP Source Guard
2.1.c Dynamic ARP inspection
2.1.d Port security
2.1.e Private VLAN
2.1.f Storm control

2.2 Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

2.2.a AAA with TACACS+ and RADIUS
2.2.b Local privilege authorization fallback

3.0 Infrastructure Services 15%

3.1 Configure and verify first-hop redundancy protocols

3.1.a HSRP
3.1.b VRRP
3.1.c GLBP

QUESTION 1
Which four LACP components are used to determine which hot-standby links become active after an interface failure within an EtherChannel bundle? (Choose four.)

A. LACP system priority
B. LACP port priority
C. interface MAC address
D. system ID
E. port number
F. hot-standby link identification number
G. interface bandwidth

Answer: A,B,D,E


QUESTION 2
A network engineer is extending a LAN segment between two geographically separated data centers. Which enhancement to a spanning-tree design prevents unnecessary traffic from crossing the extended LAN segment?

A. Modify the spanning-tree priorities to dictate the traffic flow.
B. Create a Layer 3 transit VLAN to segment the traffic between the sites.
C. Use VTP pruning on the trunk interfaces.
D. Configure manual trunk pruning between the two locations.

Answer: C


QUESTION 3
Which technique automatically limits VLAN traffic to only the switches that require it?

A. access lists
B. DTP in nonegotiate
C. VTP pruning
D. PBR

Answer: C


QUESTION 4
Which command correctly configures standby tracking for group 1 using the default decrement priority value?

A. standby 1 track 100
B. standby 1 track 100 decrement 1
C. standby 1 track 100 decrement 5
D. standby 1 track 100 decrement 20

Answer: A


QUESTION 5
What two things occur when an RSTP edge port receives a BPDU? (Choose two.)

A. The port immediately transitions to the forwarding state.
B. The switch generates a Topology Change Notification BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.

Answer: B,D


300-101 ROUTE Implementing Cisco IP Routing

Exam Number 300-101 ROUTE
Associated Certifications CCNP Routing and Switching, CCDP
Duration 120 minutes (45-65 questions)

Implementing Cisco IP Routing (ROUTE 300-101) is a qualifying exam for the Cisco CCNP Routing and Switching and CCDP certifications. The ROUTE 300-101 exam certifies the routing knowledge and skills of successful candidates. They are certified in using advanced IP addressing and routing in implementing scalable and highly secure Cisco routers that are connected to LANs, WANs, and IPv6.

The exam also covers the configuration of highly secure routing solutions to support branch offices and mobile workers.

Exam Description
Implementing Cisco IP Routing (ROUTE 300-101) is a 120-minute qualifying exam with 50‒60 questions for the Cisco CCNP Routing and Switching and CCDP certifications. The ROUTE 300-101 exam certifies the routing knowledge and skills of successful candidates. They are certified in using advanced IP addressing and routing in implementing scalable and highly secure Cisco routers that are connected to LANs, WANs, and IPv6.


The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.


1.0 Network Principles 10%
1.1 Identify Cisco Express Forwarding concepts
1.1.a FIB
1.1.b Adjacency table

1.2 Explain general network challenges
1.2.a Unicast
1.2.b Out-of-order packets
1.2.c Asymmetric routing

1.3 Describe IP operations
1.3.a ICMP Unreachable and Redirects
1.3.b IPv4 and IPv6 fragmentation
1.3.c TTL

1.4 Explain TCP operations
1.4.a IPv4 and IPv6 (P)MTU
1.4.b MSS
1.4.c Latency
1.4.d Windowing
1.4.e Bandwidth-delay product
1.4.f Global synchronization

1.5 Describe UDP operations
1.5.a Starvation
1.5.b Latency

1.6 Recognize proposed changes to the network
1.6.a Changes to routing protocol parameters
1.6.b Migrate parts of the network to IPv6
1.6.c Routing protocol migration

2.0 Layer 2 Technologies 10%
2.1 Configure and verify PPP
2.1.a Authentication (PAP, CHAP)
2.1.b PPPoE (client side only)
2.2 Explain Frame Relay
2.2.a Operations
2.2.b Point-to-point
2.2.c Multipoint

3.0 Layer 3 Technologies 40%
3.1 Identify, configure, and verify IPv4 addressing and subnetting

3.1.a Address types (Unicast, broadcast, multicast, and VLSM)
3.1.b ARP
3.1.c DHCP relay and server
3.1.d DHCP protocol operations

3.2 Identify IPv6 addressing and subnetting

3.2.a Unicast
3.2.b EUI-64
3.2.c ND, RS/RA
3.2.d Autoconfig (SLAAC)
3.2.e DHCP relay and server
3.2.f DHCP protocol operations

3.3 Configure and verify static routing

3.4 Configure and verify default routing

3.5 Evaluate routing protocol types

3.5.a Distance vector
3.5.b Link state
3.5.c Path vector

3.6 Describe administrative distance

3.7 Troubleshoot passive interfaces

3.8 Configure and verify VRF lite

3.9 Configure and verify filtering with any protocol

3.10 Configure and verify redistribution between any routing protocols or routing sources

3.11 Configure and verify manual and autosummarization with any routing protocol

3.12 Configure and verify policy-based routing

3.13 Identify suboptimal routing

3.14 Explain route maps

3.15 Configure and verify loop prevention mechanisms

3.15.a Route tagging and filtering
3.15.b Split-horizon
3.15.c Route poisoning

3.16 Configure and verify RIPv2

3.17 Describe RIPng

3.18 Describe EIGRP packet types

3.19 Configure and verify EIGRP neighbor relationship and authentication

3.20 Configure and verify EIGRP stubs

3.21 Configure and verify EIGRP load balancing

3.21.a Equal cost
3.21.b Unequal cost

3.22 Describe and optimize EIGRP metrics

3.23 Configure and verify EIGRP for IPv6

3.24 Describe OSPF packet types

3.25 Configure and verify OSPF neighbor relationship and authentication

3.26 Configure and verify network types, area types, and router types

3.26.a Point-to-point, multipoint, broadcast, nonbroadcast
3.26.b LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.26.c Internal router, backbone router, ABR, ASBR
3.26.d Virtual link

3.27 Configure and verify OSPF path preference

3.28 Configure and verify OSPF operations

3.29 Configure and verify OSPF for IPv6

3.30 Describe, configure, and verify BGP peer relationships and authentication

3.30.a Peer group
3.30.b Active, passive
3.30.c States and timers

3.31 Configure and verify eBGP (IPv4 and IPv6 address families)

3.31.a eBGP
3.31.b 4-byte AS number
3.31.c Private AS

3.32 Explain BGP attributes and best-path selection

4.0 VPN Technologies 10%

4.1 Configure and verify GRE

4.2 Describe DMVPN (single hub)

4.3 Describe Easy Virtual Networking (EVN)

5.0 Infrastructure Security 10%

5.1 Describe IOS AAA using local database

5.2 Describe device security using IOS AAA with TACACS+ and RADIUS

5.2.a AAA with TACACS+ and RADIUS
5.2.b Local privilege authorization fallback

5.3 Configure and verify device access control

5.3.a Lines (VTY, AUX, console)
5.3.b Management plane protection
5.3.c Password encryption

5.4 Configure and verify router security features

5.4.a IPv4 access control lists (standard, extended, time-based)
5.4.b IPv6 traffic filter
5.4.c Unicast reverse path forwarding

6.0 Infrastructure Services 20%

6.1 Configure and verify device management

6.1.a Console and VTY
6.1.b Telnet, HTTP, HTTPS, SSH, SCP
6.1.c (T)FTP

6.2 Configure and verify SNMP

6.2.a v2
6.2.b v3

6.3 Configure and verify logging

6.3.a Local logging, syslog, debugs, conditional debugs
6.3.b Timestamps

6.4 Configure and verify Network Time Protocol (NTP)

6.4.a NTP master, client, version 3, version 4
6.4.b NTP authentication

6.5 Configure and verify IPv4 and IPv6 DHCP

6.5.a DHCP client, IOS DHCP server, DHCP relay
6.5.b DHCP options (describe)

6.6 Configure and verify IPv4 Network Address Translation (NAT)

6.6.a Static NAT, dynamic NAT, PAT

6.7 Describe IPv6 NAT

6.7.a NAT64
6.7.b NPTv6

6.8 Describe SLA architecture

6.9 Configure and verify IP SLA

6.9.a ICMP

6.10 Configure and verify tracking objects

6.10.a Tracking objects
6.10.b Tracking different entities (for example, interfaces, IPSLA results)

6.11 Configure and verify Cisco NetFlow

6.11.a NetFlow v5, v9
6.11.b Local retrieval
6.11.c Export (configuration only)


QUESTION 1
Which three problems result from application mixing of UDP and TCP streams within a network with no QoS? (Choose three.)

A. starvation
B. jitter
C. latency
D. windowing
E. lower throughput

Answer: A,C,E


QUESTION 2
Which statement about the use of tunneling to migrate to IPv6 is true?

A. Tunneling is less secure than dual stack or translation.
B. Tunneling is more difficult to configure than dual stack or translation.
C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts.
D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses.

Answer: C


QUESTION 3
Which two actions must you perform to enable and use window scaling on a router? (Choose two.)

A. Execute the command ip tcp window-size 65536.
B. Set window scaling to be used on the remote host.
C. Execute the command ip tcp queuemax.
D. Set TCP options to “enabled” on the remote host.
E. Execute the command ip tcp adjust-mss.

Answer: A,B


QUESTION 4
A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two.)

A. IP routing
B. FIB
C. ARP cache
D. MAC address table
E. Cisco Express Forwarding table
F. topology table

Answer: A,B


QUESTION 5
Under which condition does UDP dominance occur?

A. when TCP traffic is in the same class as UDP
B. when UDP flows are assigned a lower priority queue
C. when WRED is enabled
D. when ACLs are in place to block TCP traffic

Answer: A

 


300-085 CAPPS Implementing Cisco Collaboration Application v1.0

Exam Number 300-085 CAPPS
Associated Certifications CCNP Collaboration
Duration 75 Minutes (55 – 65 questions)
Available Languages English

This exam tests candidates on the integration options of Cisco Unified IM and Presence, Cisco Unity Express, Cisco Unity Connection, Cisco Prime Collaboration, and Cisco TelePresence Management Suite in a Cisco Unified Collaboration solution. It covers voice messaging deployment scenarios, Cisco Unified IM and Presence features, and the implementation of Cisco Jabber. The exam also covers Cisco Prime Collaboration features and the role of Cisco TelePresence Management Suite in a Cisco Unified Collaboration solution.

Exam Description
The Implementing Cisco Collaboration Applications (CAPPS) exam is a 75-minute, 55-65 question assessment that tests candidates on the integration options of Cisco Unified IM and Presence, Cisco Unity Express, Cisco Unity Connection, Cisco Prime Collaboration, and Cisco TelePresence Management Suite in a Cisco Unified Collaboration solution. It covers voice messaging deployment scenarios, Cisco Unified IM and Presence features, and the implementation of Cisco Jabber. The exam also covers Cisco Prime Collaboration features and the role of Cisco TelePresence Management Suite in a Cisco Unified Collaboration solution.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 TMS 15%
1.1 Describe the Operation of TMS management and functions (conference control center, reporting, etc.)
1.2 Use TMS to set up and establish calls

2.0 Provisioning (TMS) 14%
2.1 Understand system components for provisioning
2.2 Configure the VCS and TMS to enable provisioning

3.0 Cisco Jabber 18%
3.1 Configure Cisco Jabber on UCM/Presence
3.2 Configure UDS for Cisco Jabber
3.3 Configure VCS Control and TMS for Cisco Jabber Video for TelePresence and other Cisco Jabber clients for collaboration edge deployments
3.4 Explain how Presence works and its role with VCS or Expressway
3.5 Configure BFCP (desktop sharing)

4.0 Configure Cisco Unity Connection 25%
4.1 Integrate Cisco Unity Connection and Cisco Unified Communications Manager
4.2 Configure Cisco Unity Connection system settings
4.3 Describe call management options
4.4 Configure call routing options
4.5 Configure Cisco Unity Connection partitions and search spaces
4.6 Configure account policies, subscriber classes of service, and subscriber templates
4.7 Import user accounts into Cisco Unity Connection
4.8 Configure Cisco Unity Connection video features
4.9 Troubleshoot Cisco Unity Connection

5.0 Configure Cisco Unity Express Using the GUI 10%
5.1 Integrate Cisco Unity Express and Cisco Unified Communications Manager Express
5.2 Configure Cisco Unity Express system settings
5.3 Configure call routing options
5.4 Configure auto attendant
5.5 Configure account policies, subscriber classes of service, and subscriber templates
5.6 Import user accounts into Cisco Unity Express from Cisco Unified Communications Manager Express
5.7 Troubleshoot Cisco Unity Express

6.0 Implement IM and Presence Solution 18%
6.1 Describe the function and operation of Cisco Unified IM and Presence
6.2 Describe Cisco Unified IM and Presence solution components
6.3 Describe the Cisco Unified IM and Presence solution communication flows
6.4 Configure Cisco Unified Communications Manager for integration with Cisco Unified IM and Presence
6.5 Troubleshoot Cisco Unified IM and Presence


QUESTION 1
Refer to the exhibit.


Which statement about the jabber-config.xml partial output is true?

A. 10.255.10.10 is the LDAP server address.
B. The client connects to the directory server by using SSH.
C. 10.255.10.10 is the Cisco Unified Communications Manager IM and Presence Service address.
D. The client connects to the directory server by using HTTPS.

Answer: D


QUESTION 2
Which parameter is used to accommodate the local dial plan in Cisco Unity Connection when the Voice Profile for Internet Mail location is configured?

A. Remote Phone Prefix
B. Simple Mail Transfer Protocol Domain Name
C. IP Address
D. Display Name
E. Dial ID
F. Route Patterns

Answer: A


QUESTION 3
Which four configurations should you enable on Cisco Unified Communications Manager for integration with Cisco Unified Communications Manager IM and Presence Service? (Choose four.)

A. Enable Cisco CallManager service
B. Enable Cisco TFTP service
C. Enable Cisco CTIManager service
D. Enable Cisco AXL Web service
E. Enable Cisco CARWeb service
F. Enable Cisco Extended Functions service
G. Enable Cisco Instant Messenger service
H. Enable Cisco Unified Presence service

Answer: A,B,C,D


QUESTION 4
The UDS for contact resolution is enabled in the service profile configuration of the Cisco Unified Communications Manager. Which action can you execute with your Jabber Desktop?

A. modify users
B. search users
C. change users
D. delete users

Answer: B


QUESTION 5
On Cisco TelePresence Management Suite, which two call control devices are supported for call control and setup? (Choose two.)

A. Cisco Unified Communications Manager Express
B. Cisco TelePresence Video Communication Server
C. Cisco Unified Border Element
D. Cisco Unified Communications Manager
E. any SIP-capable call control system

Answer: B,D

 


300-080 CTCOLLAB Troubleshooting Cisco IP Telephony & Video v1.0

Exam Number 300-080 CTCOLLAB
Associated Certifications CCNP Collaboration
Duration 75 Minutes (55 – 65 questions)
Available Languages English

This exam assesses the learner’s knowledge and skills that are required to troubleshoot a Cisco Unified Collaboration solution. The assessment covers troubleshooting methodology, triage, resources, and tools. The exam also covers Cisco Unified Communications Manager, Cisco Video Communication Server (VCS) Control, the Cisco Expressway Series, Cisco TelePresence Management Suite, and media resources, including voice and video conferences.

The following course is the recommended training for this exam.
Troubleshooting Cisco IP Telephony & Video (CTCOLLAB)
Cisco Technology Training for Collaboration E-Learning

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.


QUESTION 1
Refer to the exhibit.

Assuming that the two Cisco SAF Forwarders are adjacent to each other and that no SAF clients have been configured, which statement is true?

A. The Cisco SAF Forwarders will not establish a neighbor relationship because the service-family external-client configuration is missing.
B. The Cisco SAF Forwarders will not establish a neighbor relationship because the eigrp label CUCME should be replaced with SAF.
C. The Cisco SAF Forwarders will not establish a neighbor relationship because the service-family external-client configuration is missing as well as the static neighbor configurations.
D. The Cisco SAF Forwarders will establish a neighbor relationship. No further configuration is required.
E. Cisco SAF Forwarders will not establish a neighbor relationship until the SAF clients are configured and registered to the Cisco SAF Forwarders.

Answer: D


QUESTION 2
To maintain proper database integrity, what is the recommended maximum round-trip delay between multiple Cisco VCS appliances in a cluster?

A. 10 ms
B. 15 ms
C. 25 ms
D. 30 ms
E. 50 ms
F. 80 ms

Answer: D


QUESTION 3
To achieve 720p (HD) quality at 30 frames per second on an endpoint that is running TC software, what is the minimum configured call rate?

A. 512 kbps
B. 1152 kbps
C. 768 kbps
D. 2560 kbps

Answer: B


QUESTION 4
When parsing trace output after the call routing decision and path selection have been made, which two records can be found in the CCM|RouteList? (Choose two.)

A. PretransfromDigitString
B. CallingPartyNumber
C. PretransformCallingPartyNumber
D. RouteListName
E. findLocalDevice
F. RouteListCdrc :

Answer: D,F


QUESTION 5
When a user attempts to log out from Cisco Extension Mobility service by pressing the services button and selecting the Cisco Extension Mobility service, the user is not able to log out. What is causing this issue?

A. The Cisco Extension Mobility service has not been configured on the phone.
B. The user device profile is not subscribed to the Cisco Extension Mobility service.
C. The CTI service is not running.
D. The logout URL that is defined for the Cisco Extension Mobility service is incorrect or does not exist under the IP Phone Services configuration.

Answer: B

 


300-070 Implementing Cisco IP Telephony & Video, Part 1 v1.0

Exam Number 300-070 CIPTV1
Associated Certifications CCNP Collaboration
Duration 75 Minutes (55 – 65 questions)
Available Languages English

This exam tests learners for implementing a Cisco Unified Collaboration solution in a single-site environment. The exam focuses primarily on Cisco Unified Communications Manager. Candidates will need to show they can configure Cisco Unified Communications Manager, implement gateways and Cisco Unified Border Element, and build dial plans to place on-net and off-net voice and video calls using traditional numbered dial plans and Uniform Resource Identifiers (URIs). Candidates will also implement media resources, including voice and video conferences, and be able to describe how quality of service ensures that the network provides the required quality to voice and video calls.

The following course is the recommended training for this exam.
Implementing Cisco IP Telephony & Video, Part 1 (CIPTV1)
Cisco Technology Training for Collaboration E-Learning

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.


QUESTION 1
What is the maximum number of 1080p30 HD Conference Participants if an MSE 8000 has four MSE8710 blades clustered?

A. 48.
B. 180
C. 720
D. 800

Answer: A
Reference:
Page 389
CIPTV110SG_Vol1


QUESTION 2
Which two options are IOS conference bridge types in CUCM? (Choose two)

A. Cisco IOS Enhanced Conference Bridge
B. Cisco IOS Standard Conference Bridge
C. Cisco IOS Software Conference Bridge
D. Cisco IOS Hardware Conference Bridge
E. Cisco IOS Conference Bridge

Answer: A,E
Reference:
Page 367
Cisco Unified Communications Manager Administration Guide, Release 10.0(1)


QUESTION 3
Which protocol is recommended to be used between Cisco Unified Communications Manager and the voice gateway to simplify the dial plan?

A. SIP.
B. SCCP.
C. H323.
D. RSVP.
E. MGCP.

Answer: E


QUESTION 4
When implementing a global dial plan, which digit manipulation feature in CUCM does Cisco recommend for adding +1 to all outbound calls?

A. Called party transformation.
B. Calling party transformation.
C. Translation pattern.
D. External phone mask.

Answer: A


QUESTION 5
Which statement about a partition is true?

A. A partition is a logical group of transformation patterns with similar accessibility characteristics.
B. A partition is a group of gateways with similar accessibility characteristics.
C. A partition is a logical group of directory numbers with similar accessibility characteristics.
D. A partition is a logical group of route patterns with similar accessibility characteristics.

Answer: C
Reference:
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-managercallmanager/13920-call-routing.html

 

 

 
